The-SNEK-Initiative/SNEK_Eris

SNEK Eris

Welp, sorry to drop this on a Friday night ig.

Anyway, WHAT IS Eris? It's a VERY reliable LPE that abuses the fax service provider to get a SYSTEM shell on an active user session.

How did we attain that? Well, we first bypass UAC via SilentCleanup (I know, I know, extraordinarily creative) and then we run a script that basically sets up a new virtual fax device provider in the registry, reconfigures the fax service to run as Local System, and then restarts the service to trigger the payload. The initial UAC bypass is basically just a sacrifice.
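A defender-side view of the chain described above, as an added example that is not part of the SNEK Eris repo: it flags a host where a fax device provider DLL outside System32 is registered and the Fax service account is switched to LocalSystem within a short window. The registry paths, the event tuple layout and the ten-minute window are assumptions to check against your own telemetry and Windows build.

```python
# Added detection sketch, not code from the SNEK Eris repo. Registry paths,
# event fields and the 10-minute window are assumptions to verify locally.
import ntpath
from datetime import datetime, timedelta

PROVIDER_KEY = r"hklm\software\microsoft\fax\device providers"
FAX_ACCOUNT = r"hklm\system\currentcontrolset\services\fax\objectname"
TRUSTED_DIR = r"c:\windows\system32"
SYSTEM_NAMES = {"localsystem", r".\localsystem", r"nt authority\system"}
WINDOW = timedelta(minutes=10)

def classify(target, value):
    """Return 'provider', 'account' or None for one registry value-set event."""
    target, value = target.lower(), value.lower()
    if target.startswith(PROVIDER_KEY + "\\") and target.endswith("\\imagename"):
        for var in ("%systemroot%", "%windir%"):
            value = value.replace(var, r"c:\windows")
        # normpath collapses "..", so System32\..\Temp does not pass as trusted.
        if not ntpath.normpath(value).startswith(TRUSTED_DIR + "\\"):
            return "provider"
    elif target == FAX_ACCOUNT and value in SYSTEM_NAMES:
        return "account"
    return None

def detect(events):
    """Return (host, first, second) for hosts where both changes land within WINDOW."""
    last, alerts = {}, []          # last: (host, kind) -> time of latest match
    for host, stamp, target, value in sorted(events, key=lambda e: e[1]):
        kind = classify(target, value)
        if kind is None:
            continue
        when = datetime.fromisoformat(stamp)
        last[(host, kind)] = when
        other = last.get((host, "account" if kind == "provider" else "provider"))
        if other is not None and when - other <= WINDOW:
            alerts.append((host, other.isoformat(), when.isoformat()))
    return alerts

# Constructed events (host, time, target object, details), shaped like the
# fields of a registry value-set record; none of this is captured telemetry.
SAMPLE = [
    ("ws01", "2025-01-10T21:02:11", PROVIDER_KEY + r"\Example Provider\ImageName", r"C:\Users\Public\example.dll"),
    ("ws01", "2025-01-10T21:02:13", FAX_ACCOUNT, "LocalSystem"),
    ("ws02", "2025-01-10T09:00:00", PROVIDER_KEY + r"\Built-in Provider\ImageName", r"%systemroot%\system32\fxst30.dll"),
    ("ws03", "2025-01-10T10:00:00", FAX_ACCOUNT, "LocalSystem"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print("fax provider + LocalSystem change on", *alert)
```

Only ws01 alerts: ws02 registers a provider DLL inside System32, and ws03 changes the service account with no provider registration next to it.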

HOW CAN I TEST THIS OUT?!?!?!

Firstly, you need g++ (MinGW-w64) installed, or MSYS2.

Compile the payload and the launcher:

g++ faxp.cpp -shared -o faxp.dll "-Wl,-s,-O2,--kill-at" -lwtsapi32 -luserenv; g++ eris.cpp -o eris.exe -luser32 -lshell32 -ladvapi32 -s -O2

Then just run the exe, boom, give it a second and you have an elevated shell. Or, alternatively, just run the precompiled binaries we included in releases; that also works, but only if you're lazy.

Proof: [image: Snek Eris]

About

Repo documenting the SNEK Eris exploit chain
